The Equal Employment Opportunity Commission (EEOC) has finally issued proposed regulations under the Americans with Disabilities Act (ADA) regarding wellness programs. The proposed regulations amend existing regulations and provide guidance on the extent to which employers may use incentives to encourage employee participation in wellness programs that include disability-related inquiries and/or medical examinations. The proposed regulations are intended to work in tandem with final regulations under the Health Insurance Portability and Accountability Act (HIPAA) and the Affordable Care Act (ACA), but there are significant differences.
This advisory discusses the proposed regulations’ content, how they interact with the final HIPAA/ACA regulations, and what next-steps employers should consider. While the regulations are not yet final, and are now subject to a 60-day comment period, they are likely to be implemented largely as drafted and it is not too early to start preparing.
Many different laws govern wellness programs, including HIPAA, ACA, Civil Rights Act, Equal Pay Act, Age Discrimination in Employment Act, Genetic Information Nondiscrimination Act and, of course, the ADA. In recent years employers have revised their wellness programs to comply with final regulations under HIPAA and the ACA (see our previous advisory). These rules prohibit discrimination in premiums, benefits or eligibility based on a health factor, with exceptions for premium discounts, rebates or modifications to otherwise applicable cost sharing (e.g. copayments, deductibles or coinsurance) for wellness programs. In contrast, the ADA prohibits discrimination against individuals with disabilities and prohibits employers from making disability-related inquiries or requiring medical examinations of employees, except in limited circumstances.
Relevant to wellness programs, medical examinations and inquiries must be “voluntary” and there cannot be a “penalty” for not participating. A key open question was whether withholding a premium adjustment or reward available under a wellness plan, for an employee who elected to opt out, was akin to a penalty and therefore the program was not “voluntary.” The EEOC’s position under the ADA on wellness programs has been unclear for many years, culminating in a burst of recent enforcement activity, and lawsuits being filed this past year, that left employers wondering whether their HIPAA/ACA compliant wellness programs are also ADA compliant.
How Do the Proposed Regulations and the HIPAA/ACA Regulations Fit Together?
The EEOC stated that compliance with the HIPAA/ACA regulations is not determinative of compliance with the ADA, but acknowledged its responsibility to interpret the ADA in a manner that reflects both the ADA’s goal of limiting employer access to medical information and the HIPAA/ACA provisions promoting wellness programs. In addition, the EEOC rejected the “bona fide benefit plan” ADA safe harbor as the proper basis for finding wellness incentives permissible and states that wellness incentives should be measured under the “voluntary” ADA standard.
What does that mean and where does it leave employers? The short answer is that employers now have two sets of rules for compliance that work together (sort of). The table below describes the proposed regulations’ requirements, and how the new rules fit into the HIPAA/ACA scheme. Employers should assess what action they need to take by using the checklists in the table below, and should contact their DWT employment and benefits attorneys for further information.
ADA Proposed Regulations
HIPAA/ACA Final Regulations
Program must promote health and prevent disease
An employee health program, including any disability-related inquiries or medical examinations, must be reasonably designed to promote health or prevent disease. To meet this standard, the program must have a reasonable chance of improving the health of, or preventing disease in, participating employees, and must not be overly burdensome, a subterfuge for violating the ADA or other laws prohibiting employment discrimination, or highly suspect in the method chosen to promote health or prevent disease.
The following are acceptable components:
The following are NOT acceptable components:
This is very similar to the requirement for health contingent programs to be reasonably designed to promote health or prevent disease.
These components would also be acceptable under the HIPAA/ACA regulations.
¨ Check that your wellness program and practices do not include any of the components listed as not acceptable.
An employee health program including disability related inquiries or medical examinations (including as part of an HRA) must be voluntary. This means that employers may not:
In addition, where the wellness program is part of a group health plan, the employer must provide an understandable notice that clearly explains the type of medical information that will be obtained and the specific purposes for which the information will be used, restrictions on disclosure of the employee’s medical information, the employer representatives or other parties with whom the information will be shared, and the methods that the employer will use to ensure that medical information is not improperly disclosed (including whether it complies with HIPAA).
¨ The ADA notice is required for both participatory and health contingent programs.
¨ The ADA notice requires more information than the HIPAA/ACA regulations.
Limited incentives are permissible for wellness programs that are part of a group health plan that includes disability related inquiries or medical exams.
Example: Plan’s total annual premium for employee-only coverage is $5,000 (including employer and employee contributions). Plan provides: (i) $250 reward to employees who complete an HRA; and (ii) $1,500 reward for participating in a health contingent wellness program to promote cardiovascular health. Total reward is $1,750. This violates the ADA because it exceeds 30% of the total cost of coverage. Reward must be capped at $1,500 under the ADA.
In contrast, wellness programs that do not require disability-related inquiries or medical examinations to earn an incentive are not subject to the ADA’s incentive limits. This includes, for example, attending nutrition, weight loss or smoking cessation classes.
¨ Employers should review the rewards allocated to different components of their programs to ensure compliance.
¨ Employers who are using the total cost of family coverage where spouses participate should recalculate the maximum permissible reward based on the cost of employee-only coverage.
Key difference! HIPAA/ACA regulations permit incentives up to 50% of the total cost of employee coverage for programs designed to prevent or reduce tobacco use.
¨ Employers should assess whether the program incorporates a medical exam. If so then the award has to be limited to 30% under the ADA. If not, then 50% is acceptable.
Under the ADA, regardless of whether a wellness program includes disability related inquiries or medical examinations, reasonable accommodation must be provided, absent due hardship. For example:
Key difference for participatory programs! Under the HIPAA/ACA regulations, reasonable alternative standards are required only for health contingent programs. In contrast, under the ADA proposed regulations, an employer has to provide reasonable accommodation for a participatory program even though that is not required under the HIPAA/ACA regulations.
¨ Employers should review their participatory programs and ensure that they are considering reasonable accommodation, where appropriate.
Note: The EEOC acknowledges that providing a reasonable alternative standard and notice to the employee of the availability of a reasonable alternative under the HIPAA/ACA regulations as part of a health contingent program would likely satisfy the reasonable accommodation requirement.
Medical information or history obtained under a wellness program regarding any individual may only be provided to the employer in aggregate terms that do not disclose, or are not reasonably likely to disclose, the identity of any employee, except as necessary to administer the health plan and as otherwise permitted by the ADA. Both employers and administrators must ensure compliance with this provision. An employer should be able to comply with this rule by complying with the HIPAA Privacy Rule.
Under existing regulations medical records developed in the course of providing voluntary health services to employees, including wellness programs, must be maintained in a confidential manner. While there is an exception allowing disclosure to managers and supervisors in connection with necessary work restrictions or accommodations, this would rarely, if ever, apply to medical information collected as part of a wellness program.
The EEOC reminds employers that they must ensure the confidentiality of employee medical information, and that proper training of individuals who handle medical information is critical. Employers should also have clear privacy policies and procedures regarding medical information, and on-line systems should guard against unauthorized access. In addition, the EEOC provided the following guidance, which employers can use as a checklist:
¨ Individuals who handle medical information that is part of an employee health program should not be responsible for making decisions relating to employment, such as hiring, termination or discipline.
¨ Consider using a third party vendor to collect information in support of a wellness program to reduce the risk of disclosure to those making employment decisions. Employers using a third party vendor should be familiar with the vendor’s privacy policies.
¨ Employers administering their own wellness program should have adequate firewalls in place to prevent unintended disclosure, and the information must not be used to discriminate on the basis of disability in violation of the ADA.
¨ Employers should report breaches of confidentiality immediately to affected employees.
¨ Employers should make clear that individuals responsible for disclosures of confidential medical information will be disciplined.
¨ If a vendor is responsible for confidentiality breaches, consider discontinuing the relationship.
If a wellness program is part of a group health plan, the individually identifiable health information collected from or created about participants as part of the wellness program is protected health information (PHI), subject to the requirements of the HIPAA Privacy Rule. An employer can generally comply with the confidentiality requirements under the ADA that are applicable to wellness plans by complying with the HIPAA Privacy Rule.
Employers should confirm the following compliance steps are in place:
¨ Employer Certification: The employer has provided an employer certification to the health plan that the employer will comply with the HIPAA Privacy Rule.
¨ Privacy Notice: Wellness program is mentioned in the HIPAA Privacy Notice.
¨ HIPAA Policies/Procedures: Wellness program is included in the health plan’s policies and procedures.
¨ Training: Employees who administer the wellness program understand the confidentiality requirements of HIPAA and the ADA.
¨ Wellness program is properly described in the ERISA documents for the group health plan, including the SPD.
¨ HIPAA Security Rule documentation properly covers information from the wellness program.